wkarshat
commented
2 years ago An issue with the site, not the app. Tip.Party appears to handle http redirect correctly, but where's its site repo?
Open garmeeh opened 2 years ago
wkarshat
commented
2 years ago An issue with the site, not the app. Tip.Party appears to handle http redirect correctly, but where's its site repo?
hmrtn
commented
2 years ago https://pay.party and https://app.pay.party / https://dev.pay.party does have the correct certificates. This is an issue with the landing page redirects. Looking into it.
nyedidikeke
commented
2 years ago An issue with the site, not the app. Tip.Party appears to handle http redirect correctly, but where's its site repo?
https://pay.party and https://app.pay.party / https://dev.pay.party does have the correct certificates. This is an issue with the landing page redirects. Looking into it.
@wkarshat @hmux The challenge is not with "the site" nor "the app". Neither it is about correctness of TLS certificates; it is about unencrypted data in transit, thereby making users more susceptible to attacks. I wouldn’t have the site available over HTTP and HTTPS, and redirect HTTP to HTTPS - it would work; Yes, but strongly discouraged.
An attacker resolved to launch a MITM attack on users could persuade them to visit your site over plain HTTP. The attacker may fake your site and acquire sensitive data from your users, or proxy to the legitimate HTTPS version of your site and snoop all data, if traffic could be diverted (e.g. DNS poisoning).
Why not serve just one version of the site (HTTPS only), simply redirect incoming HTTP traffic to HTTPS, then enable HSTS to aid in the prevention of the scenario above?
Describe the bug Hey, I just came across your site earlier. I clicked a link from twitter where someone tweeted and mentioned
pay.partythis resulted in me landing on http://pay.party and getting the Not Secure warning.To Reproduce Steps to reproduce the behavior:
Expected behavior It redirects to secure site